PopòApp

The use of this application (hereinafter also "APP") for the colorimetric recognition of feces collects some data of the legal representative of the infant (hereinafter also "User"), as well as of the infant himself whose feces are photographed, in pseudonymized form. Only if the application recognizes suspicious colorimetric characteristics of the aforementioned stools due to hypocolia or acholia, will the user be offered the possibility of scheduling, even electronically, a specialist visit at the Bambino Gesù Pediatric Hospital in Rome (hereinafter also "Hospital"). In this case, the User will be asked for personal identification data to allow planning of the visit. Such data will be processed in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter also "GDPR"), relating to the protection of natural persons with regard to the processing of personal data, as well as the freedom circulation of such data.

Data Controller

The data controller is the Bambino Gesù Children’s Hospital (hereinafter "Hospital" or "Data Controller"), an institution of the State of the Vatican City, with headquarters in Piazza S. Onofrio 4, 00165 Rome, in one of the extraterritorial areas recognized by the Lateran Treaty of 1929, CF 80403930581, which exercises its functions, through its legal representative. In addition to the contact details indicated on the hospital website, the Data Controller can be contacted at the following e-mail address: privacy@opbg.net.

Data Protection Officer

The Hospital has designated the Data Protection Officer/Data Protection Manager ("DPO"), available at the hospital headquarters in Piazza S. Onofrio n. 4, 00165 Rome who can be contacted at the following e-mail address: dpo@opbg.net.

Categories of Personal Data Processed

The categories of data processed are the following:

Personal data (e.g., name, surname) and contact data (e.g., e-mail, mobile number) if necessary to be contacted by the hospital;
Unique ID to trace the multiple sending of photographs of infant feces uploaded in different sessions to the same User; data relating to the health of the infant attributable to the unique user ID;
Type of User (legal representative of the minor - Parent - or doctor);

It should be noted that the APP can also collect pseudo-anonymous data of the infant whose feces are photographed, including weeks of gestation, birth weight, weight at the time of using the APP, weeks of life of the infant, methods of nutrition.

Methods of Data Processing

The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of anonymous and personal data.

Data processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Purpose, Legal Basis of Data Processing and Retention Times

The User's data is processed by the Data Controller within the limits of what is strictly necessary to provide the requested services. The Data Controller guarantees that personal data will not be used when the purposes pursued can be achieved through anonymous data or with methods that allow the User to be identified only if necessary.

In particular, the User's personal data is processed in the following circumstances:

To allow the use of the app by installing cookies. For more information, please consult the technical cookie policy. The lawfulness of the processing of personal data is based on the execution of a contract, pursuant to article 6, par.1, lett. b), GDPR. The User's personal data will be kept for the entire duration of use of the APP.
To allow the Owner to provide the requested Service, answering questions from Users, if the APP identifies fecal colorimetric characteristics that deserve further diagnostic investigation. The APP will also offer the User the possibility of scheduling a specialist visit, even electronically, at the hospital.
To allow the Owner to trace the different photos taken of the feces of the same infant, taken in multiple sessions of accessing the APP, to a single User through a unique ID in order to guarantee a more accurate diagnosis of the suspicious colorimetric characteristics of the feces. The lawfulness of the processing of common personal data is based on the consent of the interested party, pursuant to art.6, par.1, letter. a), GDPR and data relating to the health of the infant on explicit consent pursuant to art. 9, par.2, letter. a) GDPR.
To fulfill legal obligations. The lawfulness of the processing of personal data is based on the fulfillment of a legal obligation to which the Hospital is subject, pursuant to article 6, par.1, lett. c) GDPR. In this case, the User's personal data will be kept for the period established by the applicable legislation.
To identify any malicious or fraudulent activity and to ascertain, exercise or defend the right of the Data Controller in court. The lawfulness of the processing of personal data is based on the legitimate interest of the Data Controller, pursuant to article 6, par.1, lett. f), GDPR, to prevent the unlawful use of the tools made available on its website. In this case, the User's personal data will be kept for the entire duration of the out-of-court and/or judicial proceeding until the terms of effect of the judicial protections and/or appeal actions have expired.

The User assumes responsibility for the data entered in the APP and guarantees that she/he has the right to communicate or disseminate them, freeing the Owner from any liability to third parties. Once the storage terms indicated above have elapsed, the Personal Data will be destroyed, deleted or made anonymous, compatible with the technical cancellation and backup procedures, in compliance with the GDPR and the applicable data protection law.

Possible Recipients or Categories of Recipients of Personal Data and Place of Processing

Personal data, if necessary, can be communicated (by this term meaning giving knowledge to one or more specific subjects) to subjects, Data Controllers, whose right to access the data is recognized by national and EU law provisions Union and to third parties to satisfy the requests sent by the User through the APP.

In addition to the Owner, in some cases, other subjects involved in the management and maintenance of this APP (administrative staff, lawyers, system administrators) or external subjects (such as third-party technical service providers, hosting providers, IT companies) may have access to the data. These, if necessary, are appointed as Data Processors by the Data Controller.

In particular, the Hospital has appointed as its Data Processors:

• OPTIMA SOLUTIONS Srl;

• MASTER ROBOT STUDIO Srl.

The updated list of Data Processors can always be requested from the Data Controller.

Personal data are not disclosed in any case (this term means giving knowledge of it in any way to a plurality of unspecified subjects).

Authorized Subjects

Data processing necessary for the services provided through the APP is handled by the technical personnel authorized for processing, or by any persons authorized to carry out occasional maintenance procedures.

Optional Provision of Personal Data

Unless otherwise specified, all data requested by this APP are indispensable. If the user refuses to communicate them, it may be impossible for this APP to provide the service. In cases where the APP indicates some data as optional, users can refrain from communicating such data, without this having any consequence on the availability of the service or its operation.

Data Transfer to Countries Outside the European Economic Area

The transfer of the User's identification data to countries outside the European Economic Area is not envisaged. Should this hypothesis occur, the User will be provided with the information required by art. 13.1, letter f) of the GDPR.

User Rights

The User can exercise his/her rights pursuant to the GDPR with reference to the data processed by the Data Controller by writing to the address privacy@opbg.net.

In particular, the User has the right to:

Revoke consent at any time. The User can revoke the previously expressed consent to the processing of his/her Personal data.
Object the processing of data. The User can object to the processing of his/her data when this occurs on a legal basis other than consent. Further details on the right to object are set out in the section below.
Access data. The User has the right to obtain information on the data processed by the Owner, on certain aspects of data processing and to receive a copy of the data processed.
Check and ask for rectification. The User can verify the correctness of his/her data and request updating or correction.
Obtain the limitation of the treatment. When certain conditions are met, the User can request the limitation of the processing of his/her data. In this case, the Owner will not process the data for any other purpose than for their conservation.
Obtain the cancellation or removal of personal data. When certain conditions are met, the User can request the cancellation of his/her data by the Owner.
Receive data or have data transferred to another holder. The User has the right to receive his/her data in a structured format, usable and readable by an automatic device and, where technically feasible, to obtain the unhindered transfer of the data to another holder. This provision is applicable when data are processed with automated tools and data processing is based on the User's consent, on a contract of which the User is a party or on contractual measures connected to it.
Lodge a complaint. The User can lodge a complaint to the competent personal data protection authority, by completing and sending the request using the form that can be read and downloaded from the website of the personal data protection authority at the following link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524 or take legal action.

Changes to this Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by updating the relevant section in the APP or by notifying the Users, if technically and legally feasible, using one of the contacts provided by the User.

If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.

Having read the information

I confirm that I have read the information on this page